package com.adingxiong.security.springsecurity.filter;

import com.adingxiong.security.springsecurity.controller.TestController;
import com.adingxiong.security.springsecurity.entity.SmsCode;
import com.adingxiong.security.springsecurity.exception.ValidateCodeException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.social.connect.web.HttpSessionSessionStrategy;
import org.springframework.social.connect.web.SessionStrategy;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.ServletRequestUtils;
import org.springframework.web.context.request.ServletWebRequest;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @ClassName SmsCodeFilter
 * @Description TODO
 * @Author xiongchao
 * @Date 2020/10/19 13:23
 **/
@Component
public class SmsCodeFilter extends OncePerRequestFilter {

    @Autowired
    private AuthenticationFailureHandler authenticationFailureHandler;

    private SessionStrategy sessionStrategy = new HttpSessionSessionStrategy();

    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
                                    FilterChain filterChain) throws ServletException, IOException {
        if ("/login/mobile".equals(httpServletRequest.getRequestURI())
                && httpServletRequest.getMethod().equalsIgnoreCase("post")) {
            try {
                ServletWebRequest servletWebRequest = new ServletWebRequest(httpServletRequest);
                String smsCodeInRequest = ServletRequestUtils.getStringParameter(servletWebRequest.getRequest(), "smsCode");
                String mobile = ServletRequestUtils.getStringParameter(servletWebRequest.getRequest(), "mobile");
                SmsCode codeInSession = (SmsCode) sessionStrategy.getAttribute(servletWebRequest, TestController.MSG_VALID_KEY + mobile);

                if (StringUtils.isEmpty(smsCodeInRequest)) {
                    throw new ValidateCodeException("验证码不能为空！");
                }
                if (codeInSession == null) {
                    throw new ValidateCodeException("验证码不存在，请重新发送！");
                }
                if (codeInSession.isExpire()) {
                    sessionStrategy.removeAttribute(servletWebRequest, TestController.MSG_VALID_KEY + mobile);
                    throw new ValidateCodeException("验证码已过期，请重新发送！");
                }
                if (!smsCodeInRequest.equalsIgnoreCase(codeInSession.getCode())) {
                    throw new ValidateCodeException("验证码不正确！");
                }
                sessionStrategy.removeAttribute(servletWebRequest, TestController.MSG_VALID_KEY + mobile);
            } catch (ValidateCodeException e) {
                return;
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

}
